
LDAP proxy support

Enables LDAP proxy support in HA mode.

Change-Id: I24bb5c8033d202dfc56d3779c93b42a36881d95b
changes/05/328505/18
Maksym Yatsenko 3 years ago
parent
commit
331e3239b7

+ 55
- 0
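--- a/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/proxy_config_parser.rb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/lib/puppet/parser/functions/proxy_config_parser.rb
@@ -0,0 +1,55 @@
+module Puppet::Parser::Functions
+  newfunction(:proxy_config_parser, :type => :rvalue, :doc => <<-EOS
+This function parses text area of custom openldap proxy configs and
+text area of additional domains, returns an array with two elements,
+1st element contains all custom openldap proxy configs, 2nd element
+contains list of domains that use default (from template) proxy config.
+EOS
+  ) do |args|
+
+# args[0]: additional LDAP domains
+# args[1]: custom openldap proxy configs
+# args[2]: default domain
+
+    domains_with_proxy = ['base_config']
+    domains_custom_proxy_configs = {}
+    slapd_custom_conf = ''
+    domains_default_conf = []
+    function_returns = []
+    array_of_domain_configs = args[0].split(/^$/)
+    array_of_slapd_configs = args[1].split(/^$/)
+    domains_with_proxy = domains_with_proxy.push(args[2])
+
+#find domain with proxy enabled
+    array_of_domain_configs.each do |domain_config|
+      if domain_config.include? "ldap_proxy=true"
+        domain_item = domain_config.slice(/(domain=.*)[^\n]/)
+        domain = domain_item.split(/=/)
+        domains_with_proxy = domains_with_proxy.push(domain[1])
+      end
+    end
+
+#find domains with specified custom ldap proxy configs
+    array_of_slapd_configs.each do |custom_config|
+      custom_config_item = custom_config.slice!(/(config_for=.*)[^\n]/)
+      custom_config_domain = custom_config_item.split(/=/)
+      domains_custom_proxy_configs[custom_config_domain[1]] = custom_config
+    end
+
+#find domains with custom/default proxy configs
+    domains_with_proxy.each do |domain|
+      if domains_custom_proxy_configs[domain]
+        slapd_custom_conf += domains_custom_proxy_configs[domain]
+      else
+        domains_default_conf = domains_default_conf.push(domain)
+      end
+
+    end
+
+    function_returns = function_returns.push(slapd_custom_conf)
+    function_returns = function_returns.push(domains_default_conf)
+
+    return function_returns
+
+    end
+  end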
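Review bot: Both `slice` calls can return nil (a domain block that contains `ldap_proxy=true` but no `domain=` line, or a custom-config block without a `config_for=` line), and the following `.split(/=/)` then aborts catalog compilation with a NoMethodError instead of a message naming the bad block. The same happens if `args[0]` or `args[1]` is nil because the setting is absent. Consider failing explicitly, e.g. `raise Puppet::ParseError, 'proxy_config_parser: block without config_for=' unless custom_config_item`, with the matching check after the `domain=` slice. Note also that `include? "ldap_proxy=true"` is case-sensitive while multiple_domain.pp accepts `/^[Tt]rue$/`, so a block written as `ldap_proxy=True` points Keystone at the proxy without any slapd database being generated for that domain.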

+ 58
- 15
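--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/controller.pp
@@ -12,7 +12,7 @@ class plugin_ldap::controller {
   }
 
   $identity_driver        = 'keystone.identity.backends.ldap.Identity'
-  $url                    = $::fuel_settings['ldap']['url']
+  $ldap_url               = $::fuel_settings['ldap']['url']
   $suffix                 = $::fuel_settings['ldap']['suffix']
   $user                   = $::fuel_settings['ldap']['user']
   $password               = $::fuel_settings['ldap']['password']
@@ -25,6 +25,8 @@ class plugin_ldap::controller {
   $user_pass_attribute    = $::fuel_settings['ldap']['user_pass_attribute']
   $user_enabled_attribute = $::fuel_settings['ldap']['user_enabled_attribute']
   $additional_domains     = $::fuel_settings['ldap']['additional_domains']
+  $ldap_proxy_custom_conf = $::fuel_settings['ldap']['ldap_proxy_custom_conf']
+  $ldap_proxy             = $::fuel_settings['ldap']['ldap_proxy']
 
   $user_allow_create      = false
   $user_allow_update      = false
@@ -49,6 +51,52 @@ class plugin_ldap::controller {
   $use_tls                = $::fuel_settings['ldap']['use_tls']
   $ca_chain               = pick($::fuel_settings['ldap']['ca_chain'], false)
 
+###############################################################################
+
+  #Install ldap_proxy and generate slapd.conf file
+  if $ldap_proxy {
+    $url = "ldap://${management_vip}"
+
+    $proxy_data = proxy_config_parser($additional_domains, $ldap_proxy_custom_conf, $domain)
+
+    class {'plugin_ldap::ldap_proxy_install':
+      slapd_custom_config   => $proxy_data[0],
+      slapd_config_template => $proxy_data[1],
+      domain_name           => $domain,
+      use_tls               => $use_tls,
+    }
+
+    class {'plugin_ldap::ldap_proxy_init':
+      internal_virtual_ip => $management_vip,
+    }
+
+    Class['plugin_ldap::ldap_proxy_install'] -> Plugin_ldap::Keystone<||> -> Class['plugin_ldap::ldap_proxy_init']
+    Service['httpd'] -> Class['plugin_ldap::ldap_proxy_init']
+
+    if $use_tls {
+      plugin_ldap::tls { "${domain}_tls_certificate" :
+        domain_tls => $domain,
+        ca_chain   => $ca_chain,
+      }
+    }
+    $tls = false
+  } else {
+    $url        = $::fuel_settings['ldap']['url']
+    $proxy_data = []
+    $tls        = $use_tls
+  }
+
+  #Create domains using info from text area 'List of additional Domains'
+  if $additional_domains {
+    $domains_list = split($additional_domains, '^$')
+    plugin_ldap::multiple_domain { $domains_list:
+      identity_driver       => $identity_driver,
+      ldap_proxy            => $ldap_proxy,
+      management_vip        => $management_vip,
+      slapd_config_template => $proxy_data[1],
+    }
+  }
+
   file { '/etc/keystone/domains':
     ensure => 'directory',
     owner  => 'keystone',
@@ -60,11 +108,10 @@ class plugin_ldap::controller {
     "identity/domain_specific_drivers_enabled": value => 'True';
   }
 
-  plugin_ldap::keystone {$domain:
-    domain                 => $domain,
+  plugin_ldap::keystone { $domain:
     identity_driver        => $identity_driver,
     url                    => $url,
-    use_tls                => $use_tls,
+    use_tls                => $tls,
     ca_chain               => $ca_chain,
     suffix                 => $suffix,
     user                   => $user,
@@ -96,37 +143,33 @@ class plugin_ldap::controller {
     chase_referrals        => $chase_referrals,
   }
 
-  Plugin_ldap::Keystone<||> ~>
   service { 'httpd':
-    name   => "$apache::params::service_name",
+    name   => $apache::params::service_name,
     ensure => running,
   }
 
-#Create domains using info from text area 'List of additional Domains'
-  if $additional_domains {
-    $domains_list = split($additional_domains, '^$')
-    plugin_ldap::multiple_domain { $domains_list:
-      identity_driver => $identity_driver,
-    }
-  }
-
   file_line { 'OPENSTACK_KEYSTONE_URL':
     path  => '/etc/openstack-dashboard/local_settings.py',
     line  => "OPENSTACK_KEYSTONE_URL = \"http://${management_vip}:5000/v3/\"",
     match => "^OPENSTACK_KEYSTONE_URL = .*$",
+    tag   => 'ldap-horizon',
   }
 
   file_line { 'OPENSTACK_API_VERSIONS':
     path  => '/etc/openstack-dashboard/local_settings.py',
     line  => "OPENSTACK_API_VERSIONS = { \"identity\": 3 }",
     match => "^# OPENSTACK_API_VERSIONS = {.*$",
+    tag   => 'ldap-horizon',
   }
 
   file_line { 'OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT':
     path  => '/etc/openstack-dashboard/local_settings.py',
     line  => "OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True",
     match => "^# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = .*$",
+    tag   => 'ldap-horizon',
   }
 
-  File_line<||> ~> Service ['httpd']
+  File_line<| tag == 'ldap-horizon'|> ~> Service['httpd']
+  Keystone_config <||> ~> Service['httpd']
+  Plugin_ldap::Tls<||> ~> Service['httpd']
 }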
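Review bot: With the proxy enabled, the `if $ldap_proxy` branch sets `$url = "ldap://${management_vip}"` and `$tls = false`, so Keystone's bind DN, its password and every user password it verifies travel unencrypted between Keystone and the proxy even when the operator enabled "Use TLS"; only the proxy-to-directory leg still honours `$use_tls`. multiple_domain.pp does the same for additional domains. If this is intended because the management network is trusted, state it next to the assignment, e.g. `# Keystone -> proxy leg is plain LDAP on the management network; TLS applies only from slapd to the upstream directory`, and repeat it in the `ldap_proxy` setting description. Otherwise the proxy listener would need an ldaps:// or StartTLS endpoint of its own.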

+ 6
- 15
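--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/keystone.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/keystone.pp
@@ -1,5 +1,5 @@
 define plugin_ldap::keystone (
-  $domain                 = undef,
+  $domain                 = $name,
   $identity_driver        = undef,
   $url                    = undef,
   $use_tls                = undef,
@@ -35,33 +35,24 @@ define plugin_ldap::keystone (
 ){
 
   if $use_tls {
-    $cacertfile = "/usr/local/share/ca-certificates/cacert-ldap-${domain}.crt"
 
+    plugin_ldap::tls { "${domain}_tls_certificate" :
+      domain_tls => $domain,
+      ca_chain   => $ca_chain,
+    }
     if $ca_chain {
       $tls_cacertdir = '/etc/ssl/certs'
     }
     else {
       $tls_cacertdir = ''
     }
-
-    if $ca_chain {
-      file { $cacertfile:
-        ensure  => file,
-        mode    => 0644,
-        content => $ca_chain,
-      }
-      ~>
-      exec { "$domain" :
-        command => '/usr/sbin/update-ca-certificates'
-      }
-    }
   }
 
   file { "/etc/keystone/domains/keystone.${domain}.conf":
     ensure  => 'file',
     owner   => 'root',
     group   => 'root',
-    mode    => '644',
+    mode    => '0644',
     require => File['/etc/keystone/domains'],
   }
 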
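Review bot: `plugin_ldap::tls` is now declared for every `$use_tls` domain, whereas the removed code wrote the CA file only inside `if $ca_chain`. controller.pp passes `pick(..., false)` for `ca_chain`, so with TLS enabled and no chain supplied the new define receives `content => false` for the certificate file, and tls.pp has no guard of its own. Keeping the guard at the call site, `if $ca_chain { plugin_ldap::tls { "${domain}_tls_certificate": domain_tls => $domain, ca_chain => $ca_chain } }`, restores the earlier behaviour; the unguarded declaration in controller.pp's proxy branch needs the same. The define's body continues beyond the lines shown here.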

+ 75
- 0
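--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/ldap_proxy_init.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/ldap_proxy_init.pp
@@ -0,0 +1,75 @@
+class plugin_ldap::ldap_proxy_init (
+  $internal_virtual_ip     = undef,
+  $slapd_defaults_match    = '^SLAPD_SERVICES=',
+  $slapd_defaults_path     = '/etc/default/slapd',
+  $bin_paths               = '/usr/sbin/:/usr/local/bin/:/bin/:/usr/bin',
+  $slaptest_run            = 'slaptest -f /etc/ldap/slapd.conf  -F /etc/ldap/slapd.d',
+  $slapd_rsyslog           = '/etc/rsyslog.d/slapd.conf',
+) {
+
+  $network_metadata = hiera_hash('network_metadata', {})
+  $controller_hash  = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']), 'management')
+  $controller_nodes = keys($controller_hash)
+  $controller_ip    = values($controller_hash)
+  $network_scheme   = hiera_hash('network_scheme', {})
+  prepare_network_config($network_scheme)
+  $local_address    = get_network_role_property('management', 'ipaddr')
+  $cidr             = hiera('management_network_range')
+  $slapd_defaults_services = "SLAPD_SERVICES=\"ldap://${local_address}\""
+
+  file_line { 'slapd_defaults':
+    ensure  => present,
+    path    => $slapd_defaults_path,
+    line    => $slapd_defaults_services,
+    replace => true,
+    match   => $slapd_defaults_match,
+  } ->
+
+  exec { 'run_slaptest':
+    command => $slaptest_run,
+    path    => $bin_paths,
+    user    => 'openldap',
+    group   => 'openldap',
+    notify  => Service['slapd'],
+  } ->
+
+  service { 'slapd':
+    ensure => 'running',
+    enable => true,
+  }
+
+  service { 'rsyslog':
+    ensure => 'running',
+    enable => true,
+  }
+
+  file { $slapd_rsyslog:
+    ensure  => present,
+    content => template('plugin_ldap/slapd_rsyslog.erb'),
+    notify  => Service['rsyslog'],
+  }
+
+  firewall { '255 allow ldap-proxy':
+    source      => $cidr,
+    destination => $baremetal_ipaddr,
+    proto       => 'tcp',
+    dport       => '389',
+    state       => ['NEW', 'RELATED', 'ESTABLISHED'],
+    action      => 'accept',
+  } ->
+
+  openstack::ha::haproxy_service { 'slapd':
+    internal_virtual_ip    => $internal_virtual_ip,
+    ipaddresses            => $controller_ip,
+    server_names           => $controller_nodes,
+    haproxy_config_options => {
+      mode   => 'tcp',
+      stats  => 'enable',
+      option => ['ldap-check',]
+    },
+    balancermember_options => 'maxconn 10000 check',
+    order       => '180',
+    listen_port => '389',
+  } ~> Service<| title == 'haproxy' |>
+
+}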
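Review bot: The firewall rule uses `destination => $baremetal_ipaddr`, but nothing visible in this class assigns that variable; the address computed a few lines earlier is `$local_address`. If `$baremetal_ipaddr` resolves to undef, the rule presumably ends up with no destination match and accepts port 389 from the whole management range on every local address. If the local management address is what was meant, use `destination => $local_address,` (the VIP may need a rule as well, since haproxy listens there). Separately, `exec { 'run_slaptest': }` has no `refreshonly`, `unless` or `creates`, so it runs and notifies `Service['slapd']` on every agent run.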

+ 66
- 0
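--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/ldap_proxy_install.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/ldap_proxy_install.pp
@@ -0,0 +1,66 @@
+class plugin_ldap::ldap_proxy_install (
+  $domain_name,
+  $slapd_custom_config     = undef,
+  $slapd_config_template   = undef,
+  $use_tls                 = false,
+  $base_config_label       = 'base_config',
+  $slapd_dir               = '/etc/ldap/slapd.d/*',
+  $slapd_config            = '/etc/ldap/slapd.conf',
+) {
+
+  package { 'ldap-utils':
+    ensure => 'installed',
+  } ->
+
+  file { '/etc/init/slapd.conf':
+    ensure  => present,
+    content => template('plugin_ldap/slapd_upstart.erb'),
+  } ->
+
+  package { 'slapd':
+    ensure => 'installed',
+  } ->
+
+  exec { 'clean_slapd_d':
+    command => "/bin/rm -rf ${slapd_dir}",
+  } ->
+
+  concat { "${slapd_config}" :
+    owner => 'root',
+    group => 'root',
+    mode  => '0644',
+  }
+
+  if $base_config_label in $slapd_config_template {
+      concat::fragment { "base_fragment" :
+        target  => $slapd_config,
+        content => template('plugin_ldap/slapd_base.erb'),
+        order   => '10',
+      }
+  }
+
+  if $domain_name in $slapd_config_template {
+    if ! $use_tls {
+      concat::fragment { "${domain_name}_fragment" :
+        target  => $slapd_config,
+        content => template('plugin_ldap/slapd_conf.erb'),
+        order   => '20',
+      }
+    }
+    else {
+      concat::fragment { "${domain_name}_tls_fragment" :
+        target  => $slapd_config,
+        content => template('plugin_ldap/slapd_tls_conf.erb'),
+        order   => '20',
+      }
+    }
+  }
+
+  if $slapd_custom_config {
+    concat::fragment { 'ldap_proxy_init' :
+      target  => $slapd_config,
+      content => $slapd_custom_config,
+      order   => '30',
+    }
+  }
+}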
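Review bot: The `concat { "${slapd_config}" }` resource creates /etc/ldap/slapd.conf as root:root with mode `'0644'`, and the fragments rendered from slapd_conf.erb and slapd_tls_conf.erb write the LDAP bind password into it as `credentials="..."`, so any local account on the controller can read the directory service account's password. Since `run_slaptest` in ldap_proxy_init.pp reads the file as user openldap, `group => 'openldap',` with `mode => '0640',` would keep it readable to slapd only. The converted tree under /etc/ldap/slapd.d deserves the same check. Also, `/bin/rm -rf ${slapd_dir}` runs without a shell provider, so the trailing `*` is probably passed literally and nothing is removed.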

+ 57
- 10
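--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/multiple_domain.pp
@@ -1,19 +1,66 @@
 define plugin_ldap::multiple_domain (
-  $domain_info     = $title,
-  $identity_driver = undef
+  $domain_info             = $title,
+  $identity_driver         = undef,
+  $ldap_proxy              = undef,
+  $management_vip          = undef,
+  $slapd_config_template   = undef,
+  $slapd_conf              = '/etc/ldap/slapd.conf',
 ){
+
   $domain_params_hash = parse_it($domain_info)
+
+  $domain                 = $domain_params_hash['domain']
+  $suffix                 = $domain_params_hash['suffix']
+  $user_tree_dn           = $domain_params_hash['user_tree_dn']
+  $user                   = $domain_params_hash['user']
+  $password               = $domain_params_hash['password']
+  $ldap_url               = $domain_params_hash['url']
+  $use_tls                = $domain_params_hash['use_tls']
+  $ldap_proxy_multidomain = $domain_params_hash['ldap_proxy']
+  $ca_chain               = $domain_params_hash['ca_chain']
+
+  if $ldap_proxy_multidomain =~ /^[Tt]rue$/ {
+    $url = "ldap://${management_vip}"
+
+    if $domain in $slapd_config_template {
+      if $use_tls =~ /^[Ff]alse$/ {
+
+        concat::fragment { "${domain}_fragment" :
+          target  => $slapd_conf,
+          content => template('plugin_ldap/slapd_conf.erb'),
+        }
+      }
+      elsif $use_tls =~ /^[Tt]rue$/ {
+
+        concat::fragment { "${domain}_tls_fragment" :
+          target  => $slapd_conf,
+          content => template('plugin_ldap/slapd_tls_conf.erb'),
+        }
+
+        plugin_ldap::tls { "${domain}_tls_certificate" :
+          domain_tls => $domain,
+          ca_chain   => $ca_chain,
+        }
+
+      }
+    }
+    $tls = false
+  } else {
+    $url = $domain_params_hash['url']
+    $tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
+  }
+
   plugin_ldap::keystone { "$domain_params_hash['domain']" :
-    domain                 => $domain_params_hash['domain'],
+    domain                 => $domain,
     identity_driver        => $identity_driver,
-    url                    => $domain_params_hash['url'],
-    use_tls                => $domain_params_hash['use_tls'],
-    ca_chain               => $domain_params_hash['ca_chain'],
-    suffix                 => $domain_params_hash['suffix'],
-    user                   => $domain_params_hash['user'],
-    password               => $domain_params_hash['password'],
+    url                    => $url,
+    use_tls                => $tls,
+    ca_chain               => $ca_chain,
+    suffix                 => $suffix,
+    user                   => $user,
+    password               => $password,
     query_scope            => $domain_params_hash['query_scope'],
-    user_tree_dn           => $domain_params_hash['user_tree_dn'],
+    user_tree_dn           => $user_tree_dn,
     user_filter            => $domain_params_hash['user_filter'],
     user_objectclass       => $domain_params_hash['user_objectclass'],
     user_id_attribute      => $domain_params_hash['user_id_attribute'],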
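Review bot: Inside `if $domain in $slapd_config_template`, a fragment is written only when `$use_tls` matches `/^[Ff]alse$/` or `/^[Tt]rue$/`; a domain block that omits `use_tls` or spells it differently still gets `$url = "ldap://${management_vip}"` but no `database ldap` stanza, so Keystone is pointed at a proxy with no backend for that suffix. The non-proxy branch already treats anything but true as false (`default => false`), and the proxy branch could do the same by testing for true first and using a plain `else` for the non-TLS fragment. The new `concat::fragment` resources also carry no `order`, unlike those in ldap_proxy_install.pp (`'10'`, `'20'`, `'30'`), so their position relative to the base fragment is left to the concat default. The define continues beyond the last line shown.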

+ 18
- 0
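--- a/deployment_scripts/puppet/modules/plugin_ldap/manifests/tls.pp
+++ b/deployment_scripts/puppet/modules/plugin_ldap/manifests/tls.pp
@@ -0,0 +1,18 @@
+define plugin_ldap::tls (
+  $domain_tls,
+  $ca_chain,
+){
+
+  $cacertfile = "/usr/local/share/ca-certificates/cacert-ldap-${domain_tls}.crt"
+
+  file { $cacertfile:
+    ensure  => file,
+    mode    => 0644,
+    content => $ca_chain,
+  }
+  ~>
+  exec { "$domain_tls" :
+    command => '/usr/sbin/update-ca-certificates'
+  }
+
+}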
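Review bot: The `exec { "$domain_tls": }` has no `refreshonly => true,`, so `/usr/sbin/update-ca-certificates` runs on every agent run rather than only when the certificate file changes, and each run likely refreshes `Service['httpd']` through the `Plugin_ldap::Tls<||> ~> Service['httpd']` collector added in controller.pp. The file resource also uses the bare number `mode => 0644` although this commit quotes the mode in keystone.pp; `mode => '0644',` with explicit `owner => 'root',` and `group => 'root',` would make the permissions of this trust-anchor file unambiguous. `$domain_tls` goes straight into the file path, so it is worth validating that it contains no `/`.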

+ 12
- 0
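--- a/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_base.erb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_base.erb
@@ -0,0 +1,12 @@
+include         /etc/ldap/schema/core.schema
+include         /etc/ldap/schema/cosine.schema
+include         /etc/ldap/schema/inetorgperson.schema
+include         /etc/ldap/schema/nis.schema
+
+modulepath /usr/lib/ldap
+moduleload back_ldap
+
+pidfile /var/run/slapd/slapd.pid
+argsfile /var/run/slapd/slapd.args
+
+loglevel 0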
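Review bot: `loglevel 0` switches slapd logging off, so the `/var/log/ldap_proxy.log` file that slapd_rsyslog.erb routes slapd messages to will stay empty and nothing records the binds or failed authentications passing through the proxy. For a component on the authentication path, `loglevel stats` (connections, binds and operation results) is the usual minimum. If the silence is deliberate, for example to keep volume down, a comment above the directive should say so.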

+ 14
- 0
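--- a/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_conf.erb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_conf.erb
@@ -0,0 +1,14 @@
+
+################################################
+##template config
+database ldap
+suffix "<%= @suffix %>"
+readonly yes
+protocol-version 3
+uri "<%= @ldap_url %>"
+rootdn "<%= @user_tree_dn %>"
+idassert-bind   bindmethod=simple
+                binddn="<%= @user %>"
+                credentials="<%= @password %>"
+                mode=none
+idassert-authzFrom "*"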
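Review bot: `idassert-authzFrom "*"` together with `idassert-bind ... mode=none` appears to let any client that can reach the proxy, including one that has not bound, have its operations carried out under the configured `binddn` service account; `readonly yes` limits this to reads. If only Keystone is meant to use the proxy, narrowing the rule to its identity, for example `idassert-authzFrom "dn.exact:<%= @user %>"`, would limit what an arbitrary host on the management network can query. The ERB values are also placed inside double quotes unescaped, so a `"` in the password or in a DN yields a broken or altered slapd.conf. slapd_tls_conf.erb carries the same `idassert-authzFrom` line.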

+ 3
- 0
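--- a/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_rsyslog.erb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_rsyslog.erb
@@ -0,0 +1,3 @@
+#slapd logs
+if $programname startswith 'slapd' then /var/log/ldap_proxy.log
+&~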

+ 18
- 0
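--- a/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_tls_conf.erb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_tls_conf.erb
@@ -0,0 +1,18 @@
+
+################################################
+#template config
+database ldap
+suffix "<%= @suffix %>"
+readonly yes
+protocol-version 3
+uri "<%= @ldap_url %>"
+rootdn "<%= @user_tree_dn %>"
+tls start
+idassert-bind   bindmethod=simple
+                binddn="<%= @user %>"
+                credentials="<%= @password %>"
+                mode=self
+                tls_reqcert=demand
+                starttls="yes"
+                tls_cacert=/etc/ssl/certs/
+idassert-authzFrom "*"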
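Review bot: `tls_cacert=/etc/ssl/certs/` hands a directory to an option that expects a single CA file, so with `tls_reqcert=demand` the upstream certificate check has no usable trust anchor; the likely outcome is that connections to the directory fail, or that someone relaxes `tls_reqcert` to get them working. For a hashed certificate directory the option is `tls_cacertdir=/etc/ssl/certs/`; alternatively, point `tls_cacert` at the file that plugin_ldap::tls writes. The standalone `tls start` line and `starttls="yes"` both request StartTLS, which probably will not suit an `ldaps://` URL, a scheme the URL regex in environment_config.yaml accepts.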

+ 38
- 0
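--- a/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_upstart.erb
+++ b/deployment_scripts/puppet/modules/plugin_ldap/templates/slapd_upstart.erb
@@ -0,0 +1,38 @@
+description "OpenLDAP standalone server"
+
+start on runlevel [23]
+stop on shutdown
+
+respawn
+
+kill signal SIGINT
+kill timeout 60
+
+limit nofile 100000 100000
+
+pre-start script
+  . /etc/default/slapd
+
+  if [ -n "$SLAPD_NO_START" ]; then
+    echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd'
+    stop
+  fi
+  if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
+    echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists"
+    stop
+  fi
+
+  mkdir -p /var/run/slapd
+  chown openldap:openldap /var/run/slapd
+end script
+
+script
+  . /etc/default/slapd
+
+  /usr/sbin/slapd -h "${SLAPD_SERVICES}" -u "${SLAPD_USER}" -g "${SLAPD_GROUP}" -F /etc/ldap/slapd.d -d 0
+end script
+
+post-stop script
+  rm -rf /var/run/slapd
+end script
+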

+ 16
- 4
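--- a/environment_config.yaml
+++ b/environment_config.yaml
@@ -17,15 +17,21 @@ attributes:
     regex:
       source: '^ldap[si]?:\/\/([a-zA-Z0-9._-]+)(:[0-9]+)?$'
       error: "LDAP URL is not valid. Should be e.g. 'ldap://example.com'."
+  ldap_proxy:
+    value: false
+    label: "LDAP proxy"
+    description: "Enable LDAP proxy."
+    weight: 26
+    type: "checkbox"
   use_tls:
     value: false
     label: "Use TLS"
     description: "Enable TLS for communicating with the LDAP server."
-    weight: 26
+    weight: 27
     type: "checkbox"
   ca_chain:
     type: "textarea"
-    weight: 27
+    weight: 28
     value: ''
     label: "CA Chain"
     description: "CA trust chain in PEM format."
@@ -39,7 +45,7 @@ attributes:
     value: 'cn=example,cn=com'
     label: 'LDAP Suffix'
     description: 'LDAP server suffix.'
-    weight: 26
+    weight: 29
     type: "text"
   user:
     value: 'cn=admin,dc=local'
@@ -176,4 +182,10 @@ attributes:
     weight: 120
     value: ''
     label: "List of additional Domains"
-    description: "Blocks of additional domains/parameters that should be created"
+    description: "Blocks of additional domains/parameters that should be created."
+  ldap_proxy_custom_conf:
+    type: "textarea"
+    weight: 125
+    value: ''
+    label: "List of custom LDAP proxy configs"
+    description: "List of custom LDAP proxy configs."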
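Review bot: The new `ldap_proxy_custom_conf` textarea gives no hint of the format proxy_config_parser.rb requires: blocks separated by an empty line, each containing a `config_for=<domain>` line, with the rest of the block written verbatim into slapd.conf. A block without that line makes the parser fail during catalog compilation, so the description should spell the format out, e.g. `description: "Custom slapd.conf blocks separated by an empty line; each block must contain a line config_for=<domain>."`. The `ldap_proxy` description could likewise state that Keystone then talks to the proxy over plain LDAP on the management VIP.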

+ 3
- 3
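--- a/metadata.yaml
+++ b/metadata.yaml
@@ -1,15 +1,15 @@
 name: ldap
 title: LDAP plugin for Keystone
-version: '2.0.0'
+version: '3.0.0'
 description: Enable to use LDAP authentication backend for Keystone
-fuel_version: ['8.0']
+fuel_version: ['9.0']
 licenses: ['Apache License Version 2.0']
 authors: ['Mirantis']
 homepage: 'https://github.com/stackforge/fuel-plugin-ldap'
 groups: ['network']
 releases:
   - os: ubuntu
-    version: liberty-8.0
+    version: mitaka-9.0
     mode: ['ha']
     deployment_scripts_path: deployment_scripts/
     repository_path: repositories/ubuntu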
